Blocking Google Drive

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Blocking Google Drive

L4 Transporter

Hi all,

I'm trying to block access to Google Drive with not much success.

The Applipedia has an entry called "google-drive" but this application definition does not seem to be present on my system (PA-2020 4.1.6 327-1497)

I do have an application called "google-drive-web" so I have blocked this.  I have seen a couple of denys for this application this but Google Drive continues to work (both the Google Drive app instaled on my PC and the Google Drive web interface) . 

The problem I think is that immediately after the "google-drive-web" drops in the log, there are a number of "ssl" connections to a similar IP address.  I suspect that these are the connections that need to be blocked.

Has anybody managed to block Google Drive please, and if so how did you do it?

Many thanks,

Dave

1 accepted solution

Accepted Solutions

The SSL termination seems to break the Google Drive application on my PC, however the web interface now gets blocked correctly!

I did notice that there was another question relating to getting Google Drive working using SSL termination, but as I don't want it to work I'm going to leave things as they are.

The PA did not detect the traffic any differently - I don't think the app got beyond trying to validate the fake certificate it got back from my PA.

Many thanks,

Dave

View solution in original post

9 REPLIES 9

L6 Presenter

What about if you add gmail-drive (which seems to be what applipedia currently calls it)?

327-1497 is the latest db released 4th sept so your device seems to be up2date.

I think you would also need to enable ssl termination (decrypt rules for ssl) in order to successfully block various google services.

Thanks.  I did spot gmail-drive mentioned in the google-drive description in Applipedia but ddn't try it as traffic was being identified as "ssl".

I've just tried it now though to be sure, but unfortunately this doesn't seem to make any difference.

I suspect you may be right about having to use SSL termination.  I will experiment with this later today.

Thanks,

Dave

Sorry you are right, if the traffic log identified the traffic as ssl or whatever then it wont help by adding gmail-drive Smiley Happy

If possible (during "debug") you can use "any" as appid to spot how the PA will detect the traffic (limit the rule to the specific client ip as srcip or such) - would be nice if you could return with info on how the PA detect the traffic once you enabled ssl termination.

The SSL termination seems to break the Google Drive application on my PC, however the web interface now gets blocked correctly!

I did notice that there was another question relating to getting Google Drive working using SSL termination, but as I don't want it to work I'm going to leave things as they are.

The PA did not detect the traffic any differently - I don't think the app got beyond trying to validate the fake certificate it got back from my PA.

Many thanks,

Dave

So still no detection as gmail-drive (the correct detection is still google-drive-web)?

Unfortunately no - I think the app must be checking the certificate when it makes a connection to the Google Drive server and failing when it sees it is signed by my substituted CA.  Understandable I suppose.

Hey so I guess I missed what exactly you did to get this working like you wanted. I'm trying to block Google Drive web as well, for some reason its getting blocked on IE but in chrome and firefox its still working.

@justynfortenberry

 

A lot has changed in the 4.5 years since the most recent post on this thread. You may be better off starting a new thread with the details of what you have (hardware, PAN-OS version, content version, etc.).

Thanks I'll do that!

  • 1 accepted solution
  • 8321 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!